hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6666) Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.
Date Sat, 11 Apr 2015 20:15:12 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14491182#comment-14491182

Chris Nauroth commented on HDFS-6666:

Thanks for the update, Vijay.  I have just a few more nitpicky comments.

Patch v004 has a whitespace change in {{NameNode}}, but no changes in the code.  Let's remove
this file completely from the patch.

In {{BlockManager}}, we once again have a case of logging and then throwing.  I expect we
don't need to log here.  The thrown exception is sufficient, because it will propagate out,
terminate the process, and the user will see the message.

I liked having "Aborting NameNode" in the exception message.  That makes it very clear that
this is an intentional choice to abort.  Can we please add that back in the {{BlockManager}}
exception message?

I'll be +1 after these very minor changes, pending another Jenkins run and waiting to see
if Arpit has any additional feedback.  Thank you!

> Abort NameNode and DataNode startup if security is enabled but block access token is
not enabled.
> -------------------------------------------------------------------------------------------------
>                 Key: HDFS-6666
>                 URL: https://issues.apache.org/jira/browse/HDFS-6666
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, namenode, security
>    Affects Versions: 3.0.0, 2.5.0
>            Reporter: Chris Nauroth
>            Assignee: Vijay Bhat
>            Priority: Minor
>         Attachments: HDFS-6666.001.patch, HDFS-6666.002.patch, HDFS-6666.003.patch, HDFS-6666.004.patch
> Currently, if security is enabled by setting hadoop.security.authentication to kerberos,
but HDFS block access tokens are disabled by setting dfs.block.access.token.enable to false
(which is the default), then the NameNode logs an error and proceeds, and the DataNode proceeds
without even logging an error.  This jira proposes that this it's invalid to turn on security
but not turn on block access tokens, and that it would be better to fail fast and abort the
daemons during startup if this happens.

This message was sent by Atlassian JIRA

View raw message